Bug 187252
Summary: | RFE: Add rekey support as soon as the vpnc rekey patch is accepted upstream | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Patrick C. F. Ernzer <pcfe> |
Component: | NetworkManager-vpnc | Assignee: | Christopher Aillon <caillon> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | medium |
Version: | 5 | CC: | caillon, davidz, dcantrell, dcbw, extras-qa |
Hardware: | All | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2006-05-29 04:14:44 UTC |
Description
Patrick C. F. Ernzer
2006-03-29 16:06:52 UTC
Passing the buck to Dan Williams

The real solution is to get upstream vpnc to turn on re-key by default, so that we don't need an option in nm-vpnc. But this does expose a greater problem. With nm-vpnc there is no way to pass custom options to the vpnc binary. There should be a way to do this, perhaps not exposed as much.

I don't really see a need to expose to the user whether rekeying is needed; it's a dull implementation feature albeit an important one. So... we don't want this either in gconf (we don't want users to use gconf-editor to modify existing connections) or in the UI (it just doesn't make sense in the UI). Please don't. Suggest to make NM-vpnc accept a compile time option whether to pass the rekeying option. Then we can pass this option to the NM-vpnc FE package and make it pull in the right vpnc package that supports rekeying. There is really no need to make it more complicated.

Hmm, the problem here is that I don't think vpnc knows about the rekey interval from anything but the config file... so if you want rekeying, you need to know what the interval is, no? We use 8 hours, but I've heard of one place that uses 15m intervals (crazy). While the Cisco client appears to be able to automatically determine the rekey interval, vpnc doesn't support that yet...

Oh my... so until vpnc gets this functionality suggest to just hardcode it at say two hours just to pick a random number. I mean... it's not like NM-vpnc was useful before to people that use 15m intervals as it didn't do rekeying before that. How about that? Some day, and that day may never come, vpnc can figure this out itself. Ah, the joys of options - options are indeed evil :-)

Hey hey hey. I've got this under control. :-) I have a patch already which I'm tuning.

Patch is in Rawhide and CVS HEAD of NM. Rekey is defaulted to 2 hours, and users can modify it by adding the correct config magic to GConf. There's no UI for it though.